Inspiring Cyberphysical Security into Design
Tuesday, July 28, 2015 @ 12:07 PM gHale
By Nate Kube
I was recently asked to speak with a group of product managers about cyber security. Not only do I want to share some of the recommendations discussed, but let me immediately open this month’s column by encouraging all manufacturers to have such conversations.
Inspiring, leading, and educating those who design the security of your future products is an investment worth making, as often as possible. This can be as simple as internal blogs. Or as enriching as a three-day event offered as a reward to your top performers. Whatever the method, there are several important trends your teams will need to know.
First, as I shared in my last column, “cyberphysical” is an appropriate term to capture a new environment we are entering, where machines operate automatically and rapidly based on real-time feedback. For product managers, who merge the engineering of a solution with customer and market needs, understanding implications of cyberphysical can be critical. It is these leaders who will determine how tightly to secure equipment communication modules, whether or not to include access such as Wi-Fi, and most importantly, whether to sacrifice convenience for security (rarely a good choice).
Pulse of Cyberphysical Security
Why does understanding cyberphysical characteristics matter? Consider how many critical services that the broader population relies on are, in fact, dependent upon cyberphysical interactivity. It’s difficult to pinpoint a more immediate example to our lives than heart pacemakers. More than three million people rely on pacemakers every day, and 600,000 new implants are performed each year, according to the American Heart Association. These cyberphysical devices not only manage electrical impulses in the human body, but they can also connect to external, remote systems for diagnosis and adjustments. Security takes on new meaning when you consider how and where these cyberphysical systems reside.
Another set of cyberphysical systems delivers our electricity, which we ambitiously consume at approximately 18,000 TerraWatts a year. How many of us can go 60 minutes without an electrical charge to our cell phones? Smart meters, not to mention power generation control systems, play a part in delivering this critical energy service.
Moving forward, we can envision a host of additional cyberphysical systems beyond these two examples, managing and impacting our daily lives. Many have seen self-driving cars, which are expected to grow at 134% CAGR in the next five years. Or consider home automation systems and maritime cargo monitoring.
As a security specialist, while I anticipate great reward from these new types of cyberphysical systems, I also envision the need for better protection. The dependency on cyberphysical systems exposes the broader population to a variety of risks. This is one of many reasons we want to ensure product managers, designers, R&D, and anyone managing such product deliveries understands how seriously to prioritize and adapt security for the cyberphysical era. The earlier they build in considerations for the behavior and usage of cyberphysical, the earlier vulnerabilities and product misuse possibilities can be phased out.
Changing Approach to Security
While I will outline here some of these risks, be assured that my follow up column will discuss solutions. My intent is to help readers visualize the relevance of cyberphysical systems in day-to-day lives, as background to why new approaches to security are required. And while our researchers handle very targeted and device-specific vulnerabilities behind closed doors, I will discuss in public only broad strokes of exposure, rather than risk proliferating any attack specifics.
ISSSource readers may be familiar with in-home thermostats, the latest of which include remote control capabilities. Similar to information security holes in enterprise devices, these consumer thermostats lack robust security measures. Researchers have already performed “jail break” attacks to take over these devices.
Product managers will always be up against market pressures to deliver their product first, and it’s likely quite a few can cite examples there they had to trade off convenience and price for limited protection. In some cases, it might not even be a conscious design decision. But considering our growing dependency on cyberphysical systems, this trade off can have severe consequences.
In other industries, it is less a competitive push to reach a consumer market triggering risks than it is a status quo about what constitutes a secure product.
In the energy sector, offshore oil rigs were once “air gapped” and not connected to other systems. We all know today that is not the case, with remote access and multiple contractor entry points. Similarly today, devices from as far afield as transportation and government services have a status quo to prioritize physical security first. Will seatbelts cause more injuries or save more lives, for example, or how will devices from state clinics affect the medical condition of citizens?
As cyber merges with physical inside vehicles and operating rooms, product security needs a new perspective. Has the system been tested against remote control access through Wi-Fi and USB penetration? If a cyberphysical device receives false commands, what are the implications for those relying on such systems?
Such examples are initial illustrations representing the changing aspects of risk we are exposed to as we enter the cyberphysical era.
The high level of machine-to-machine interactivity, the speed of sharing real-time information automatically, and the trade off of convenience for security in product lifecycle management all contribute to new levels of risk as cyberphysical systems emerge. Considering our increasing dependence on these critical systems, it is imperative to train and inspire product managers to share security knowledge and prioritize new cyberphysical security models. In my next column, I will illuminate options for how we can move forward, including implementing security measures much earlier in the design lifecycle.
Nate Kube founded Wurldtech Security Technologies in 2006 and as the company’s Chief Technology Officer, is responsible for strategic alliances, technology and thought leadership. Kube has created an extensive Intellectual Property portfolio and has filed numerous authored patents in formal test methods and critical systems protection. Wurldtech is an independent subsidiary of GE, which acquired the company in 2014.